hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 07:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,060 Commits 1,700 Branches 161 Tags
58de6d143f99217c915702d765495dfe26d8c856
Commit Graph

29060 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Muskalla
58de6d143f Add docs to explain the models captured by the predicates 2021-11-10 16:30:24 +01:00
Benjamin Muskalla
747ab122c3 Restrict fluent api models to same type access 2021-11-10 16:30:24 +01:00
Benjamin Muskalla
8564c9001a Fix naming for source nodes 2021-11-10 16:30:24 +01:00
Benjamin Muskalla
9500c9c8bc Support lambda flow for source models 
Also rely on public API to detect the source node
 2021-11-10 16:30:24 +01:00
Benjamin Muskalla
35baa1c3df Support bulkdata for boxed types as well 2021-11-10 16:30:23 +01:00
Benjamin Muskalla
83b4070f31 Fix bug to accept bulk data for char/byte arrays 2021-11-10 16:30:23 +01:00
Benjamin Muskalla
281f25403d Match enclosing unit without casting to specific nodes 2021-11-10 16:30:23 +01:00
Benjamin Muskalla
bc10fd94cb Support generating only specific models 2021-11-10 16:30:23 +01:00
Benjamin Muskalla
0e9fcc6c39 Only generate models for local supertypes 
Avoid generating models for classes
implementing external SPI (e.g. `FileFilter`).
Keep `toString` models intact as they're
commonly used as taint-propagation method
(e.g. see `Joiner`).
 2021-11-10 16:30:23 +01:00
Benjamin Muskalla
157f56f48a Capture model for defining interface 
Instead of modeling individual implementations, take a more general
approach of reuse dataflows for interfaces defined by a library. This allows
tracking flows across all implementations and aligns better with how we
manually model frameworks. This may have some FPs given all possible flows
are modeled for a specific interface but also covers more scenarios where
we don't know which implementation of an interface is used.
 2021-11-10 16:30:22 +01:00
Benjamin Muskalla
f36bb8baaf Exclude models for simpler types 
Avoid generating models for types that can't really propagate taint
in a valuable way (e.g. primitivies, BigInt, ..). Keep tracking
bulk-like data (e.g. char[] or byte[]).
 2021-11-10 16:30:22 +01:00
Benjamin Muskalla
842f617bc1 Order sinks and sources first 2021-11-10 16:30:22 +01:00
Benjamin Muskalla
be150f269b Formatting 2021-11-10 16:30:22 +01:00
Benjamin Muskalla
2654e27123 Exclude known internal APIs from being modeled 2021-11-10 16:30:22 +01:00
Benjamin Muskalla
6b2460d4a1 Formatting 2021-11-10 16:30:21 +01:00
Benjamin Muskalla
060862ab3b Avoid certain test sources in models 2021-11-10 16:30:21 +01:00
Benjamin Muskalla
e607953b9c Simplify query 2021-11-10 16:30:21 +01:00
Benjamin Muskalla
9a859334d4 Formatting 2021-11-10 16:30:21 +01:00
Benjamin Muskalla
6c59333716 Remove workaround that accounted for missing flow 2021-11-10 16:30:21 +01:00
Benjamin Muskalla
7dae6122d9 Support CharSequence#toString 
Given CharSequence is often used as an
alias for String, ensure taint through toString is flowing
 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
ca9d5439f0 Restrict source configuration to return nodes 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
7a7ec06819 Simplify sink configuration 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
1a4fd7bc7d Allow camelcase names 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
2b2ac82fb7 Fix bug in sink detection 2021-11-10 16:30:20 +01:00
Benjamin Muskalla
c616eb1473 Fix finding more sources 2021-11-10 16:30:19 +01:00
Benjamin Muskalla
38579ef25b Add proper metadata to queries 2021-11-10 16:30:19 +01:00
Benjamin Muskalla
a80d50cbc0 Simplify field flow 2021-11-10 16:30:19 +01:00
Benjamin Muskalla
a1d8dfb524 Initial support for source models 2021-11-10 16:30:19 +01:00
Benjamin Muskalla
c844f5382f Add script to generate flow models 2021-11-10 16:30:19 +01:00
Benjamin Muskalla
f9fea15a52 Initial support for capturing sink models 2021-11-10 16:30:18 +01:00
Benjamin Muskalla
364de55b8d Support parameter->parameter flow 2021-11-10 16:30:18 +01:00
Benjamin Muskalla
cd11ef3bf6 Support outgoing taint flow from fields 2021-11-10 16:30:18 +01:00
Benjamin Muskalla
c3462be2c9 Capture argument->return value flows 2021-11-10 16:30:18 +01:00
Benjamin Muskalla
4ca006ba3d Only expose visible innner classes 2021-11-10 16:30:18 +01:00
Benjamin Muskalla
88032afdc3 Add test for final class 2021-11-10 16:30:17 +01:00
Benjamin Muskalla
ec772fb6b2 Add support for qualifier flow 2021-11-10 16:30:17 +01:00
Benjamin Muskalla
32ef40c77b Add scaffolding for summary model generator 2021-11-10 16:30:17 +01:00
Mathias Vorreiter Pedersen
e0b876d2f6 Merge pull request #7102 from MathiasVP/fix-map-test 
C++: Fix a testcase
 2021-11-10 13:51:10 +00:00
Mathias Vorreiter Pedersen
ccdaf49464 C++: Fix the same bug in the test for ordered maps. 2021-11-10 13:24:27 +00:00
Mathias Vorreiter Pedersen
86d78b34aa C++: Use the correct variable in the 'test'. 2021-11-10 13:04:48 +00:00
Rasmus Wriedt Larsen
de926dc2a1 Merge pull request #7085 from yoff/python/model-aiopg 
Python: model aiopg
 2021-11-10 13:10:30 +01:00
Benjamin Muskalla
0f086056a1 Merge pull request #7100 from bmuskalla/bmuskalla/ioAsFile 
Java: Extract Commons IO into seperate file
 2021-11-10 12:04:12 +01:00
Rasmus Lerchedahl Petersen
92a7114b72 Python: Add API references 2021-11-10 11:06:58 +01:00
Rasmus Lerchedahl Petersen
c6d285dd2a Python: Fix test 2021-11-10 11:06:45 +01:00
yoff
a856395d56 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-10 10:51:40 +01:00
Benjamin Muskalla
f9fa22c14d Removed unused import 2021-11-10 10:21:54 +01:00
Benjamin Muskalla
1a751608de Extract Commons IO into seperate file 2021-11-10 10:15:27 +01:00
Tony Torralba
4da1dce811 Merge pull request #7099 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-11-10 08:54:11 +01:00
github-actions[bot]
f5426336c3 Add changed framework coverage reports 2021-11-10 00:09:06 +00:00
Tom Hvitved
8195ebf4b3 Merge pull request #7059 from hvitved/ruby/basic-store-step-postupdate 
Ruby: Fix `basicStoreStep`
 2021-11-09 15:16:07 +01:00